Devices, such as mobile devices and embedded devices, face security issues that generally cannot be addressed solely using software solutions. For example, platform limitations that are generally inherent within mobile devices and embedded devices, such as slower and less capable processors, can affect: whether encryption can be used and to what strength; password/passphrase complexity; how a security mechanism can interact with a user; and security support for the platform. As another example, operating systems of mobile devices or embedded devices can be created with a focus on proliferation (e.g., ease-of-use, more accessible). Such a focus can be at odds with security measures and technologies, and can leave operating systems of such devices more vulnerable to security risks.
Some devices offer a specific hardware security mechanism that defines a trusted execution mode, which can provide exclusive access to sensitive hardware components and/or sensitive data, and can provide an initial execution before a main operating system executes. This security mechanism can allow a single processor to host two different execution environments. One execution environment is a standard execution environment, which can provide a standard operating environment defined by a standard execution mode. The other execution environment is a trusted environment (i.e., a trusted execution environment or “TEE”), defined by the trusted execution mode. The TEE can be isolated from the standard environment, down to the hardware layer. The processor can ensure that some operations are only possible within the TEE, and the isolation of the TEE from the standard execution environment can increase the difficulty of launching a software security attack from the standard execution environment.
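As an added illustration (not part of the original text, and not any real TEE or TrustZone API), the following C model shows the two-environment design described above: a key register readable only in the trusted mode, and a single monitor entry point through which standard-environment code can request an operation that uses the key without ever seeing it. The mode, register and service names are assumptions of the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy model of one processor with two execution modes. The mode variable
 * stands in for the hardware state that a real processor enforces. */
typedef enum { MODE_STANDARD = 0, MODE_TRUSTED = 1 } exec_mode_t;
static exec_mode_t g_mode = MODE_STANDARD;

exec_mode_t current_mode(void) { return g_mode; }

/* Sensitive hardware component: a key register that only the trusted mode
 * may read (constructed key bytes, not a real secret). */
static const uint8_t SECURE_KEY[16] = {
    0x0f,0x1e,0x2d,0x3c,0x4b,0x5a,0x69,0x78,0x87,0x96,0xa5,0xb4,0xc3,0xd2,0xe1,0xf0 };

/* Bus-level check: a read from the standard mode is refused (access fault). */
bool read_secure_register(uint8_t out[16]) {
    if (g_mode != MODE_TRUSTED) return false;
    memcpy(out, SECURE_KEY, 16);
    return true;
}

/* Trusted service: keyed FNV-1a tag over a message. The key never leaves
 * the trusted mode; only the 32-bit tag is returned to the caller. */
bool keyed_tag(const uint8_t *msg, size_t len, uint32_t *tag) {
    uint8_t key[16];
    if (!read_secure_register(key)) return false;   /* fails outside the TEE */
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < 16; i++)  { h ^= key[i]; h *= 16777619u; }
    for (size_t i = 0; i < len; i++) { h ^= msg[i]; h *= 16777619u; }
    memset(key, 0, sizeof key);   /* best-effort scrub of the key copy */
    *tag = h;
    return true;
}

#define SVC_KEYED_TAG 1u
#define SVC_ERROR     0xFFFFFFFFu

/* Monitor call: the single controlled entry from the standard environment
 * into the TEE. The mode switch is undone on every return path. */
uint32_t smc_call(uint32_t service, const uint8_t *msg, size_t len) {
    exec_mode_t saved = g_mode;
    uint32_t result = SVC_ERROR;
    g_mode = MODE_TRUSTED;
    if (service == SVC_KEYED_TAG && msg != NULL) {
        if (!keyed_tag(msg, len, &result)) result = SVC_ERROR;
    }
    g_mode = saved;
    return result;
}
```

Standard-environment code that calls `keyed_tag` or `read_secure_register` directly gets an access failure; only the request routed through `smc_call` succeeds, and the mode is back to standard when it returns.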